Security Cloud Architect

The Cloud Security Architect (CSAs) is a member of the Professional Services (PS) team responsible for identifying, designing, and implementing leading practice security practices and controls in customer cloud environment(s). CSAs are also tasked with advising on and remediating security vulnerabilities. Effectual CSAs are “Brand Ambassadors” and are expected to stay current on leading practices to deliver high-quality, well-conceived solutions to customers that promote security without stifling customer innovation.

• Enabling customers’ secure use of AWS to achieve their business objectives through:
  • Architecting secure cloud infrastructure based on AWS latest leading security practices, including but not limited to:
    • Creating Amazon Virtual Private Cloud (VPC) resources such as subnets, network access control lists, and security groups
    • Creating IAM users and groups
    • Designing, deploying, testing, and documenting development, pre-production, and production environments
    • Composing and leveraging Infrastructure-as-Code (e.g.: AWS CloudFormation templates, Terraform, etc.) to ensure repeatable, sustainable AWS infrastructure
    • Creating golden images / AMIs and configuring auto scaling
    • Configuring multi-factor authentication on virtual and hardware devices
    • Designing and implementing patching processes
    • Designing and implementing logging and monitoring to highlight potential security risks / events
  • Supporting developers in efficiently working within AWS through:
    • Advising developers on secure coding practices
    • Collaborating with Cloud Engineers on the integration of security tooling in Continuous Integration / Continuous Deployment (CI/CD) pipelines
    • Providing expert input and guidance to other roles on topics related to AWS security.
  • Supporting the migration of customers from on-premises environments to AWS through:
    • Assisting in the development and execution of migration plans in a way that supports the secure migration of data and VMs
    • Reviewing assets that have been migrated prior to go-live to make sure they have been appropriately secured
  • Supporting the conformance of customer environments with industry-standard security frameworks (e.g.: HIPAA, NIST-800, SOX, PCI) through:
    • Reviewing current security postures
    • Identifying potential gaps in conformance
    • Suggesting possible remediation strategies
  • Supporting rigorous project governance and execution achieved through:
    • Meeting with team members daily to review progress
    • Holding team members accountable for and challenging team members on secure solution implementation approaches to achieve optimal outcomes
    • Submitting time on assigned projects, daily
  • Supporting project delivery team members by:
    • Always operating with transparency
    • Being responsive to requests from team members for information
    • Communicating working preferences and understanding the working preferences of others to help develop a high-performing team that operates with respect, effectiveness, and efficiency
  • Additional responsibilities as requested

• 3+ years of DevSecOps / SRE experience working in AWS environment(s) and / or a different cloud platform (e.g. Azure, GCP, etc.) consisting of at least:
  • 1+ year of experience developing secure AWS cloud infrastructure
  • 1+ year of experience integrating security tooling (e.g.: SonarQube, Veracode, etc.) in CI/CD pipelines using tools like Jenkins, GitHub, and Azure DevOps
  • 1+ year of experience creating automated security alerts and monitoring dashboards
• Strong working knowledge of leading AWS cloud security practices
• Proficient in developing Infrastructure-as-Code (e.g., Terraform / AWS CloudFormation)
• Demonstrable knowledge of Agile methodologies
• Ability to work with multiple clients, in parallel
• Attention to detail
• Exceptional communication and time management

• One or more cloud certifications (e.g.: AWS Security Specialty)
• Certified Information Systems Security Professional (CISSP) designation
• Experience working with and / or as a Qualified Security Assessor (QSA)

Full-time employees are eligible to participate in our employee benefit programs:

• Medical, dental, and vision health insurances,
• Short term disability, long term disability and life insurances,
• 401k with Company match
• Paid time off (PTO) (120 hours PTO that accrue over one year)
• Paid time off for major holidays (14 days per year)
• These and any other employee benefit offerings are subject to management’s discretion and may change at any time.